31 Jan
2011
31 Jan
'11
7:17 p.m.
Always Learning wrote:
On Mon, 2011-01-31 at 18:05 +0100, Nicolas Thierry-Mieg wrote:
<snip>
Also avoid having phpMyAdmin off the main web directory. Ordinary users don't need access and should never have access to it. Hide it away somewhere and create a virtual Apache host to use it with a non-standard port number. Make it hard for the hackers and spoilers to find it.
Um, no. The answer is yum remove phpMyAdmin on a production system. As I read the logs for all our servers, and a number are world-visible websites, I can't tell you the number of times I've seen probes looking for that.
<snip> mark